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Abstract 

Composable  Operations  Center  (COC)  is  a  MITRE- wide  initiative  that  brings  together  the 
MITRE  Innovation  Program  (MIP)  and  MITRE  work  programs  to  develop  and  demonstrate  a 
common  approach  for  hosting  and  rapidly  composing  operations  center  capabilities  within  a 
secure  virtual  computing  environment.  The  initiative  began  in  January  2010  and  is  expected  to 
continue  through  September  2012.  This  document  provides  an  overview  of  the  MITRE  Naval 
Division's  engagement  through  November  2010. 

The  COC  concept  is  developed  to  afford  the  capability  to  rapidly  consume  and  produce  essential 
information  while  operating  in  rapidly  changing  environments.  As  a  generalized  information¬ 
centric  approach  defined  by  unanticipated  partners  and  events,  the  desired  outcome  for  our 
sponsors  is  to  be  able  to  compose  a  scalable,  tailored  operations  center  within  minutes  vice  days, 
weeks,  or  months  that  meets  the  current  mission’s  objectives. 

The  overall  technical  objectives  are  to  develop  and  demonstrate  to  key  MITRE  customers  and 
stakeholders  a  common  approach  for  hosting  and  rapidly  composing  operations  center 
capabilities  within  a  secure  virtual  computing  environment.  The  environment  will:  be  based  on  a 
defined  framework  so  that  components  can  be  defined,  built,  managed,  and  shared  separately 
from  the  core  technologies;  leverage  Web  2.0  and  virtualization  technologies  to  rapidly  compose 
critical  Command  and  Control  (C2)  capabilities  on  demand;  maximize  the  use  of  shared  content 
from  authoritative  and  trusted  sources  in  common  formats;  reduce  the  physical  footprint  of 
conventional  operations  centers  (air,  ground  and  maritime);  and  allow  C2/battle  management 
capabilities  (plan,  organize,  direct  and  monitor  execution)  to  be  decentralized  and  distributed 
across  the  battlespace. 

To  realize  the  objectives,  the  COC  initiative  has  the  following  goals:  (1)  develop  generalized 
approaches  for  instantiating  information  flows  with  unanticipated  participants,  (2)  develop 
solutions  to  rapidly  constitute  essential  processing,  communication,  applications  and 
information,  (3)  demonstrate  how  to  compose  an  operations  center  in  minutes  and  hours  instead 
of  days,  weeks  or  months,  and  (4)  engage  potential  early  adopters  with  proofs  of  concept.  This 
report  focuses  on  the  initial  steps  to  realize  these  four  goals. 

Goal  one  of  information  flows  with  unanticipated  users  is  illustrated  through  standards-based, 
simple  message  and  data  formats.  The  ubiquitous  nature  of  the  simple  formats  results  in  many 
data  sources  and  tools  that  enable  data  fusion,  and  the  rise  of  prosumers  that  both  produce  and 
consume  data.  The  second  goal  of  rapidly  constituting  essential  computing  resources  focuses  on 
virtualization  as  the  foundation  of  a  composable  operations  center.  Virtualization  provides 
configurable  compute,  memory,  storage  and  network  resources  that  can  be  dynamically  adjusted 
in  a  matter  of  minutes.  Several  MITRE  proof-of-concept  tools  are  discussed  that  automate  the 
creation  and  management  of  operations  centers,  provide  web-based  mashup  environment  to 
compose  mission  capabilities  and  an  app  store  to  share  the  composed  capabilities.  Leveraging  the 
capabilities  of  the  first  two  goals,  goal  three  composes  an  operations  center  measured  in  minutes 
during  an  October  mashup  event  at  MITRE  Quantico's  Demo  room.  The  COC  initiative  has 
begun  to  integrate  the  evolving  Marine  Corps  Tactical  Service  Oriented  Architecture  (SOA)  to 
support  consuming  data  from  C2  systems.  The  fourth  goal  of  engagement  with  potential  early 
adopters  builds  on  goal  three  focusing  on  mobile  operations  with  a  COC  fly-away  kit.  The  report 
concludes  with  observations  of  virtualization  performance,  network  configurations,  limitations  of 
web-based  tools  and  Virtual  Machine  (VM)  management. 
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1  Introduction 

Composable  Operations  Center  (COC)  is  a  MITRE-wide  initiative  that  brings  together  the 
MITRE  Innovation  Program  (MIP)  and  MITRE  work  programs  to  develop  and  demonstrate  a 
common  approach  for  hosting  and  rapidly  composing  operations  center  capabilities  within  a 
secure  virtual  computing  environment.  The  initiative  began  in  January  2010  and  is  expected  to 
continue  through  September  2012.  This  document  provides  an  overview  of  the  MITRE  Naval 
Division's  engagement  through  November  2010. 

1.1  Background 

MITRE  embarked  upon  the  COC  initiative  to  influence  the  systems  engineering  of  Command 
and  Control  (C2)  systems  and  overall  architecture  of  operations  centers  (ops  center)  at  the 
Tactical  and  Operational  Levels  of  War.  This  initiative  is  part  of  a  broader  area  of  MITRE 
research  known  as  Composable  Capability  on  Demand  (CCOD®),  which  is  focused  on  a  set  of 
technical  means  and  constructs  that  will  enable  Department  of  Defense  (DoD)  and  civilian  users 
to  dynamically  assemble  and  employ  elements  of  the  Command,  Control,  Communications, 
Computers,  Intelligence,  Surveillance  and  Reconnaissance  (C4ISR)  enterprise  to  successfully 
accomplish  missions.  CCOD®  will  allow  users  to  adapt  that  enterprise  to  the  nature  and  scale  of 
the  mission  and  adversary. 

1.2  Objective 

The  COC  concept  is  developed  to  afford  the  capability  to  rapidly  consume  and  produce  essential 
information  while  operating  in  rapidly  changing  environments.  As  a  generalized  information¬ 
centric  approach  defined  by  unanticipated  partners  and  events,  the  desired  outcome  for  our 
sponsors  is  to  be  able  to  compose  a  scalable,  tailored  ops  center  within  minutes  vice  days,  weeks, 
or  months  that  meets  the  current  mission’s  objectives. 

The  MITRE  COC  initiative  began  in  January  2010  and  is  expected  to  continue  through 
September  2012.  The  overall  technical  objectives  are  to  develop  and  demonstrate  to  key  MITRE 
customers  and  stakeholders  a  common  approach  for  hosting  and  rapidly  composing  operations 
center  capabilities  within  a  secure  virtual  computing  environment.  The  environment  will: 

•  Be  based  on  a  defined  framework  so  that  components  can  be  defined,  built,  managed,  and 
shared  separately  from  the  core  technologies. 

•  Leverage  Web  2.0  and  virtualization  technologies  to  rapidly  compose  critical  C2  capabilities 
on  demand. 

•  Maximize  the  use  of  shared  content  from  authoritative  and  trusted  sources  in  common 
formats. 

•  Reduce  the  physical  footprint  of  conventional  operations  centers  (air,  ground  and  maritime). 

•  Allow  C2/battle  management  capabilities  (plan,  organize,  direct  and  monitor  execution)  to  be 
decentralized  and  distributed  across  the  battlespace. 

During  Fiscal  Year  (FY)  10,  MITRE  established  the  necessary  resources  to  successfully  execute 
the  COC  initiative,  to  include  the  core  engineering  team,  computing  infrastructure  and  research 
pipeline.  Currently,  three  COCs  are  established  at  MITRE  Bedford,  Quantico  and  San  Diego  to 
provide  a  development  and  demonstration  environment  in  support  of  Air  Force,  Marine  Corps 
and  Navy  customers,  respectively.  During  FY  11,  MITRE  expects  to  establish  a  COC 
environment  at  MITRE  Aberdeen  to  support  the  Army  customers. 
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The  COC  initiative’s  goals  are  to: 

•  Develop  generalized  approaches  for  instantiating  information  flows  with  unanticipated 
participants. 

•  Develop  solutions  to  rapidly  constitute  essential  processing,  communication,  applications  and 
information. 

•  Demonstrate  how  to  compose  an  ops  center  in  minutes  and  hours  instead  of  days,  weeks  or 
months. 

•  Engage  potential  early  adopters  with  proofs  of  concept. 

The  following  key  outcomes  are  expected  as  part  of  the  COC  initiative: 

•  Warfighter  advocacy  for  application  of  CCOD®  concepts  to  meet  their  emerging  information 
needs. 

•  Acquisition  community  and  industry  acceptance  of  CCOD®  approaches. 

•  Engage  MITRE  in  direct  technical  work  to  apply  CCOD®  concepts  to  their  programs  and 
initiatives. 

2  Information  Flows  with  Unanticipated  Participants 

Operations  centers  are  developed  to  be  hubs  for  sharing  information.  Traditionally,  most  watch 
standers  and  other  operations  centers’  personnel  function  as  consumers  of  information.  They 
consume  multiple  feeds  and  sources  of  information,  gain  situational  awareness,  and  produce 
minimal  information  streams.  With  COC,  personnel  are  envisioned  to  be  "prosumers1"  -  they  not 
only  consume  large  amounts  of  information,  but  also  produce  commander  relevant  information 
that  is  shared  across  their  networks.  The  root  process  of  a 
COC  is  to  receive  information,  make  it  relevant  to  the 
commander,  and  then  share  it. 

Prosumers  exist  because  information  is  shared  through 
widely  adopted,  simple  to  use  formats.  For  COC,  the  key 
formats  are  the  same  formats  used  throughout  the  Internet.2 
For  transmission  of  data,  the  Hypertext  Transfer  Protocol 
(HTTP)  is  used,  the  structure  (syntax)  of  the  data  is 
provided  by  extensible  Markup  Language  (XML)  and  the 
meaning  (semantics)  is  through  several  formats;  with  the 
key  formats  being  Geo  Really  Simple  Syndication 
(GeoRSS)  and  Keyhole  Markup  Language  (KML).  Since 
the  formats  are  simple  to  use,  many  data  providers  expose 
their  data  in  these  formats. 

Figure  1  illustrates  an  example  of  data  being  shared  using 
KML  from  two  different  sources  and  displayed  via  Google 
Earth.  There  are  cases  of  duplicate  data  in  this  simple  data 
fusion  example;  but,  since  the  data  is  visualized  based  on 
latitude  and  longitude,  the  duplicates  are  fairly  easily 
identified.  MarineTraffic.com  data  is  more  accurate  (more 


Figure  1  Loose-couplers  enable  data 
fusion 


1  Tapscott,  Don  and  Anthony  Williams.  Wikinomics:  How  Mass  Collaboration  Changes  Everything.  2007.  New 
York,  NY:  Penguin  Group:  124-150. 

2  In  COC,  DoD  formats  are  incorporated  as  well  to  include  Cursor  on  Target  and  UCore. 
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recent  updates)  and  much  richer  (track  history,  wiki  of  the  vessels)  with  respect  to  the  vessel 
track  data.  However,  the  SAGE3  data  provides  other  useful  features,  such  as  tracking  the  Gulf  oil 
spill.4  Because  multiple  data  sources  are  available  via  the  loose-coupler  of  KML,  data  can  be 
easily  fused. 

3  Rapidly  Constitute  Essential  Computing  Resources 

This  section  discusses  the  tools  and  techniques  to  quickly  instantiate  the  computing  resources. 
The  key  areas  are  virtualization  and  the  MITRE  CCOD®  prototypes. 

3.1  Virtualization 

Virtualization  provides  the  foundation  for  building  the  composable  components  of  COC. 
Virtualization  allows  dynamic  adjustment  of  computing  resources  to  meet  the  operational 
demands.  The  computing  resources  are:  compute  (processing),  memory,  storage  and  network. 
Virtualization  is  made  possible  by  software  called  a  hypervisor  that  sits  between  a  server's 
physical  computing  resources,  referred  to  as  the  "host,"  and  the  operating  systems  (OSs)  that  use 
the  computing  resources,  referred  to  as  the  "guests."  The  guest  OSs  run  on  top  the  hypervisor, 
which  abstracts  the  hardware  offering  various  configurations  of  computing  resources  to  the 
guests. 

The  guests  are  unaware  that  the  computing  resources  are  not  physical,  which  has  some 
advantages  for  composability.  Virtual  resources  means  the  mapping  to  computing  resources  is 
purely  through  file  configurations.  File  configurations  are  easy  to  replicate,  change  and  move 
between  environments  to  provide  fault  tolerance  and  flexibility.  For  the  COC  initiative,  VMware 
vSphere  provides  the  virtualization  infrastructure.  Figure  2  shows  the  environment  for  MITRE 
Quantico  and  San  Diego. 


3  Situational  Awareness  Geospatial  Enterprise,  https://sageearth.northcom.mil. 

4  Note  the  authoritativeness  and  correctness  of  the  data  feeds  are  still  a  concern. 

©  2010  The  MITRE  Corporation.  All  Rights  Reserved.  3 


Composable  Operations  Center,  Naval  Division,  FY  10  Technical  Report 


November  2010 


Virtualization 

Technology 


Our  Virtualized  Infrastructure 


San  Diego 

*  lx  VMware  ESX  4.0  Server 
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7  virtual  networks 


Figure  2  COC  virtualization  infrastructure 

VMware  vSphere  consists  of  the  following  components: 

•  Computing  resource  management:  vCenter  Server  provides  centralized  management  of 
VMware  vSphere  servers  (ESX  and  ESXi)  to  configure  server  clusters,  permissions,  and 
computing  resources. 

•  Hypervisor:  ESX  is  the  hypervisor  that  abstracts  the  physical  hardware's  computing 
resources. 

•  User  interface:  vSphere  Client,  shown  in  Figure  3,  is  a  Windows  desktop  application  that 
allows  users  and  administrators  to  access  the  management  features  of  the  vCenter  Server  or 
connect  directly  to  an  ESX  server.  The  vSphere  Client  provides  users  with  the  ability  to 
provision,  start,  and  stop  virtual  machines  as  well  as  configure  many  properties  of  the 
virtualization  server. 
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Figure  3  vSphere  client  interface 

The  COC  initiative  uses  vSphere  Application  Programming  Interfaces  (APIs)  to  quickly 
configure  Virtual  Machines  (VMs),  including:  moving  VMs  between  networks,  cloning  VMs, 
changing  memory  and  storage  configurations,  and  sharing  VMs  with  others  within  MITRE. 
Leveraging  the  VMware  tools,  it  takes  just  a  matter  of  minutes  to  clone  a  VM  and  power  up  for 
usage. 

3.2  Virtualizing  C2  Systems 

Existing  C2  systems  provide  critical  mission  processing  and  data  sources  that  must  be  integrated 
into  the  COC  architecture.  As  part  of  the  FY  10  COC  effort,  Joint  Tactical  Common  Operational 
Picture  Workstation  (JTCW)  was  virtualized  to  experiment  with  C2  system  virtualization. 

Because  JTCW  includes  an  OS  as  part  of  the  install,  it  is  best  to  locate  the  install  media  on  the 
same  Local  Area  Network  (LAN)  as  the  virtualization  infrastructure.  The  team  attempted  remote 
installs  from  San  Diego  to  Quantico  to  test  the  case  of  remote  ops  center  installs.  The 
installations  would  start  but  failed  after  a  couple  hours.  Ideally,  the  install  media  should  be 
directly  connected  to  the  ESX  server  via  local  disk  or  LAN,  such  as  Storage  Area  Network 
(SAN)  connected  via  Gigabit  Ethernet  (GbE). 

Once  installed,  JTCW  was  cloned  using  vSphere  and  multiple  JTCWs  configured  as  described  in 
Section  4.  JTCW  was  accessed  exclusively  through  the  vSphere  console,  similar  to  other 
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terminal  services,  such  as  Remote  Desktop  or  YNC®.  With  any  terminal  services  access,  there 
was  slight  delay  on  updates  during  graphic  intensive  processing  (e.g.,  moving  tracks  around  the 
map).  In  future  testing,  a  virtualization  client  (e.g.,  VM  Workstation)  will  be  used  to  test  the 
perceived  performance  in  a  client-based  instantiation. 

Going  forward,  the  COC  effort  will  experiment  with  various  C4ISR  systems  to  evaluate  where 
virtualization  can  improve  composability  of  ops  centers  balanced  with  appropriate  performance 
and  usability  to  the  end  users.  The  MITRE  COC  tools  discussed  in  the  next  section  are  focused 
on  improved  composabilty  and  usability.5 

3.3  MITRE  COC  Tools 

The  COC  initiative  is  leveraging  MIP  CCOD®  research  portfolio  to  provide: 

•  Ops  Center  on  Demand:  A  virtualized  Information  Technology  (IT)  infrastructure  coupled 
with  a  capability  for  deploying  tailorable  libraries  of  different  IT  configurations  in  minutes  to 
support  different  mission  sets  on  the  fly.  MITRE  is  prototyping  the  Ops  Designer  tool  to 
demonstrate  this  capability. 

•  Tools  for  Composing  C2  Applications:  A  web-based,  drag-and-drop  method  for  COC 
technical  experts  to  build  C2  apps  on  the  fly  for  emergent  requirements  with  different  pre¬ 
existing  information  feeds  and  widgets.  MITRE  is  prototyping  the  CCOD®  Authoring  Tool 
(CAT)  to  demonstrate  this  capability. 

•  Tools  for  Sharing  Apps  and  Ops  Center  Designs:  A  service  for  distributing,  rating,  and 
sharing  C2  apps  among  ops  centers.  MITRE  is  prototyping  the  SimpleC2  marketplace 
service  to  demonstrate  this  capability. 

The  COC  technologies  provide  a  foundation  for  quick,  low  cost  innovations  that  capitalize  on  the 
technical  knowledge  of  people  in  uniform.  COC  realigns  the  IT  infrastructure  so  that  it  revolves 
around  the  mission,  vice  the  mission  around  the  IT.  Composability  enables  operators  to  self- 
synchronize  around  relevant  data  sets  and  persist  critical  information,  even  in  denied 
environments  leveraging  a  properly  distributed  infrastructure.  Figure  4  shows  the  mapping  of  the 
COC  technologies  to  the  CCOD®  Reference  Architecture. 


5  Performance  analysis  is  expected  as  part  of  industry  and  sponsor  engagement  FY  1 1  through  FY  12. 
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Figure  4  CCOD®  reference  architecture 

Figure  5  shows  how  the  COC  tools  support  three  distinct  operator  roles:6 

•  Combat  Coder:  Technically  trained  operator  with  background  in  software  programming, 
adept  with  basic  software  development  and  Microsoft  tools  (e.g.,  web  pages,  Excel  macros). 
Usually  a  self-selected  role  at  the  ops  center  focused  on  creating  just-in-time  capabilities  to 
support  the  mission. 

•  Average  Operator:  Majority  of  operators,  comfortable  with  technology,  web-based  and 
Microsoft  tools.  While  less  technical  than  combat  coder,  augments  capabilities  with  simple 
modifications  that  get  the  job  done. 

•  Commander:  The  ultimate  consumer  that  defines  the  information  requirements  of  the  ops 
center.  Leverages  the  capabilities  developed  by  the  combat  coder  and  operators  to  make 
better  informed  decisions. 


6  Roles  based  on  MITRE  research:  SimpleC2  Defining  the  Core  Components  of  Command  and  Control,  Todd  Reily, 
Jan  2010;  User  Personas  for  Command-and-Control  Environments,  Todd  Reily,  Nov  2010. 
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Figure  5  COC  tools 


3.3.1  Ops  Designer 

The  Ops  Designer  tool  provides  a  user-friendly,  web-based  interface  to  simplify  the  process  of 
provisioning  and  configuring  the  virtual  machines  that  comprise  an  ops  center.  The  user  is 
guided  through  the  following  steps:  (1)  create  or  modify  an  existing  ops  center,  (2)  select 
existing  virtual  machines  from  a  repository  to  add  to  the  ops  center,  (3)  configure  settings  for 
individual  virtual  machines,  (4)  associate  security  permissions  with  the  virtual  machines,  (5) 
build  the  ops  center  by  instantiating  the  virtual  machines  on  the  ops  center's  virtualization 
infrastructure  and  (6)  review  the  configured  virtual  machines  once  instantiated.  Ops  Designer 
manages  the  VM  configurations  using  the  Open  Virtualization  Format  (OVF).  OVF  provides  a 
standards-based  XML  format  that  is  platform  agnostic.  Figure  6  shows  an  example  of  an  OVF 
VM  file. 
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<?xmf  version-*  I  <0*  encoding-“UTF^8*  ?> 

<!--  Generated  by  VMware  Virtual  Center  Server,  User:  MITREWlitt*  UTC  tme:  201G-06-14T2 1 :  5- :  L 1 .  12  — > 

-  <Envelope  vmw;buiklld=''build-208111*  xmlns=,iittp://schemasTdmtf,Qrg/ovf /envelope/  V 
xmlns:ann  ="http;/  /  schemas,  dmtl.org/ wbem/ wscim/ 1/  common" 

xmlns:  ovf="http:/  /schemas. dmtf.org/ovf /envelope/ 1 *  xmlns ;  rasd  =littp:/  /schemas. dmtf.org/ wbem/ wscim/ 1  /cim- 
schema  /  2  /  C IM  _  Resource  Alio  cat  ion  Setting  Data"  xmlns:  vmw  =*http:  /  /  ww  w  .vmware.com/schema  /ovT 
xmlns:  vssd  ="http:/  /  schemas.dmtf.org/ wbem/ wscim/ 1  /dm-  schema/  2  /  eiMVlrtualSystemSettingData" 
xmlnsTXSi^http:/  /  www.  w3  .org/  200 1  /XM  LSchema  -  instance"  > 

-  deferences  > 

dile  ovf;  href  ~"COPS_LFOC- disk  l<vmdk"  ovf:id=*filel#  ovf;  size  =*74 54 2085 12*  /> 

</References> 

-  disks  ection> 

<Info>VirtuaI  disk  information  </Info> 

<Disk  ovfjcapadty^'SO"  ovf:capacityAIIocationUnits="byte  *  2A30'  ovf:  diskid =rvmdiskl*  ovf:ftleRef="filelM 
ovf:forma1:='  http://www.vmware.eom/interfaces/specifications/vmdk.htfni#streamOplimi7ed"  /> 

d>iskSection> 

-  <Network5ecbon> 

<info>The  list  of  logical  networks </Inft» 

-  Network  ovf:name-riCOPS  VLANn> 

description  >The  COPS  VLAN  network  </0esc  rip  bon  > 

</Network  > 

</Ne  tworkSe  c  ti  on  > 

-  <VirtU3l System  ovf:ad="GQPS_LFOC"> 

<Info>A  virtual  machine  </Info> 

<Name  >COPS_LFOC  </Name> 

-  cOperatingSystemSecbon  ovf;id=*67"  vmw:osType-*wirtXPProGue£r> 

<Info>The  kind  of  installed  guest  operating  system  </Info> 
description  >Micros  oft  Windows  XP  Professional  (32-bit)</Descripbon> 

</Ope  ra  tin  g  System  Sec  ti  on  > 

-  <Vi  r  tu  al  Hard  ware  Sec  bon  > 

<In  fo  >Vi  rt  u  a  I  h  ard  wa  re  req  u  ire  men  t  s  <J  Info  > 

-  <System> 

<vssd:EtementNarne>Virtual  Hardware  Family</vssd:ElementName> 

<vssd:  InstanceiD  >0  </vssd:  InstancelO  > 

<vs  sd :  Vir  tualSy  s  te  m  Ide  n  ti  her  >CO  PS_LF  OC  </vssd :  virtua  iSy  stem  Ide  n  ti  fier  > 

<vssd:  VirtualSy  stemType  >vmx-  07  </vssd:  Virtu  alSystemType  > 

</System> 


Figure  6  OVF  VM  file 

By  leveraging  OVF,  Ops  Designer  will  be  able  to  support  multiple  virtualization  environments 
beyond  the  currently  supported  VMware.  A  screen  shot  of  Ops  Designer  web  interface  is  shown 
in  Figure  7. 
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Figure  7  Ops  Designer  screenshot 

The  expectation  is  ops  centers  will  be  created  (e.g.,  HADR-BN,  STOM-REGT-LFOC)  through 
Ops  Designer  then  shared  with  others.  All  of  the  metadata  and  configuration  pieces  around  a 
particular  ops  center  are  maintained  in  a  back-end  database.  The  FY  1 1  plan  is  to  allow  the 
configuration  to  be  published  as  a  single  XML  file  or  set  of  files  which  can  easily  be  shared  or 
re-instantiated.  A  user  logs  into  Ops  Designer  and  is  presented  with  available  mission-based  ops 
centers  as  shown  in  Figure  8.  If  modifications  are  required  for  the  ops  center,  a  user  can  edit  an 
existing  configuration. 
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Figure  8  Operations  centers  based  on  mission  sets 

While  Ops  Designer  abstracts  much  of  the  complexity  to  building  ops  centers,  it  is  important  to 
discuss  some  of  the  complexity  to  understand  how  the  pieces  fit  together  to  automate  the  creation 
and  management  of  sets  of  virtual  machines.  Figure  9  provides  a  high  level  view  of  the  system 
components  that  make  up  the  Ops  Designer  architecture.  While  core  to  the  current  design,  in  the 
future  VMware  ESX  could  be  swapped  out  for  other  virtualization  technology.  The  team 
purposefully  designed  Ops  Designer  to  avoid  vendor  lock-in.  The  majority  of  the  software  is  free 
open  source  software  with  proven  track  records  in  production  environments  and  robust 
development  and  support  communities. 

Ops  Designer  is  the  hub  of  the  VM  provisioning,  automating  much  of  the  process  and  acting  as  a 
bridge  between  the  newly  created  VMs  on  a  closed  Virtual  Local  Area  Network  (VLAN)  and  an 
ops  center  network.  Ops  Designer  uses  tools  for  automating  the  system  configuration  during  VM 
boot,  Internet  Protocol  (IP)  address  assignment  and  name  resolution,  firewall  software  to  isolate 
the  newly  created  VM  from  the  existing  network,  and  remote  access  software  to  allow  the  user  to 
log  in  to  the  VM  via  a  web  browser. 
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The  OVF  Repository  may  be  local  as  shown  in  the  diagram  above  or  remote.  Multiple 
repositories  may  be  configured  to  provide  a  large  variety  of  VMs  or  to  allow  quick  addition  of 
new  capabilities  to  the  system.  For  example,  if  a  coalition  partner  shows  up  with  their  own 
systems,  these  can  be  exposed  as  a  new  repository  for  inclusion  in  the  overall  set  of  capabilities. 
For  the  COC  initiative,  there  are  OVF  repositories  providing  VMs  from  MITRE  Marines  and  Air 
Force  with  Navy  and  Army  to  follow  in  FY  11. 

The  largest  performance  bottleneck  when  creating  ops  centers  is  copying  the  VM  files  from  OVF 
repositories  to  ESX  prior  to  cloning.  In  most  cases,  the  VMs  should  be  stored  on  the  LAN  and 
allocated  sufficient  network  resources  to  efficiently  move  large  files,  numbering  in  the  gigabytes, 
between  the  repository  and  virtualization  server.  Additionally,  steps  can  be  taken  to  reduce  the 
amount  of  disk  space  taken  up  by  a  VM,  such  as  using  thin  provisioning  or  reducing  the  unused 
storage  bytes  allocated  to  a  disk. 

Other  approaches  besides  traditional  file  transfers  protocols  (i.e.,  FTP,  HTTP)  should  be 
investigated  for  moving  large  files.  For  example,  peer-to-peer  networking  technologies  may  be 
more  appropriate  to  transfer  large  files  between  various  ops  center  to  increase  performance  and 
reliability.  As  more  ops  centers  share  VMs  through  OVF  repositories,  the  number  of  peers 
available  to  download  the  VMs  from  increases.  The  increased  peers  provide  more  download 
sources  to  grab  slices  of  a  VM  file  using  a  protocol  like  BitTorrent.  The  COC  effort  plans  to 
investigate  various  technologies  to  improve  the  sharing  of  VMs  across  the  network. 

From  the  user  perspective,  Ops  Designer  is  a  web  page  that  provides  simple  to  follow  workflow 
for  configuring  the  VMs  that  comprise  an  ops  center.  But  under  the  covers,  Ops  Designer  is  part 
of  a  larger  architecture  which  is  providing  many  capabilities  that  are  the  foundation  of  a 
composable  infrastructure. 
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3.3.2  CCOD®  Authoring  Tool 

The  CAT  is  a  web-based  mashup  environment  for  a  user  to  compose  ops  center  mission 
capabilities.  Through  an  intuitive  drag-and-drop  interface,  multiple  data  feeds  are  added  to  core 
components  (i.e.,  maps,  data  grids,  detailed  viewer).  The  core  components  are  anchored  to  panes 
as  shown  in  Figure  10.  A  data  feed  is  linked  between  the  components  in  the  panes.  For  example, 
selecting  a  GeoRSS  item  on  the  map  highlights  the  same  item  on  the  data  grid. 

Multiple  feeds  can  be  aggregated  on  a  map  similar  to  the  KML,  Google  Earth  example  discussed 
in  Section  2.  Unlike  Google  Earth,  CAT  handles  multiple  formats  (i.e.,  KML,  GeoRSS,  Cursor- 
on-Target,  UCore).  Since  CAT  processes  the  feeds  in  JavaScript,  large  and  complex  feeds  can 
take  a  long  time  to  load.  The  current  prototype  limits  the  number  of  items  processed  in  the  feed 
to  reduce  the  load  time. 


Figure  10  CAT  screenshot 

CAT  is  not  limited  to  processing  data  feeds;  other  web-based  components  can  be  leveraged,  such 
as  chat.  CAT  provides  the  ability  to  "dock"  an  extensible  Messaging  and  Presence  Protocol 
(XMPP)  client  (SparkWeb  in  the  prototype)  for  chatting  with  other  XMPP-based  clients.  As  long 
as  the  component  can  be  embedded  in  a  webpage,  CAT  should  be  able  to  leverage  it.  One  caveat 
to  consider  is  that  some  web  components  require  Internet  access  (e.g.,  Google  Maps).  In  the  case 
of  disconnected  operations,  other  components  that  provide  the  same  functionality  as  the  Internet- 
based  component  are  being  investigated  (e.g.,  OpenLayers  map). 

A  key  feature  of  CAT  is  the  ability  to  save  the  mashup  application's  configuration  to  share  with 
others.  A  saved  app  is  stored  in  the  SimpleC2  Marketplace  as  an  XML  document  as  shown  in 
Figure  1 1 .  The  data  feeds  and  location  of  components  are  saved  to  quickly  be  reconstituted  using 
the  "Create  Component"  button. 
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Another  key  feature  of  CAT  is  the  ability  of  the  tool  to  automatically  connect  the  visual 
components  that  are  using  the  same  data  feed.  For  instance,  in  the  screenshot  in  Figure  10,  if  the 
user  were  to  click  a  row  in  the  spreadsheet  widget,  the  map  view  would  automatically  zoom  in 
and  display  information  on  the  map  marker  which  corresponds  to  the  clicked  item  in  the 
spreadsheet. 

-  <restFeed  id=Tiltered  Sample  Marine  Traffic"> 

-  <read  remUFU=p^2FProxySeiMetVo3FxslURLVo3DhttpV03A%2FV>2FlocalhostVo3A8O8OVo2FCATVb2Fdatd<yo 

2Ftraiisforms0/o2F9eoFilter.xstt0/o26miiiLato/o3D50t>/o26maxLat0/o3D510/o26yrl<yo3Dhttpo/o3A0/o2Fo/tj 
2Flocalhost0/o3AB080°/o2  FCATVb2  Fdata  Vo  2  Fdoc.  kmlrl  poiling_frequenc y =wO"  responseFormat^xml" 
fcrmat=fikmr  updateMode=*lF  method  ="GET> 

<eIementsSubset  /> 

<^read> 

<restFeed> 

</modei> 

-  <view> 

-  <centerPosrtion> 

-  <widget  id-rtorg.  mitre.  ccod.GMapPanel3*  remURL-""  tide  ^"Google  Map  v3h> 

<feed  id -"Reuters  Top  News11  remURL-"tVb2FProxyServlet%3FuH(%3Dhttp<yo3A%2Fo>b 
2  Fws.geonames.ofg%  2FrssToGeoRSS%3  FfeedUri%3Dhttp%3  A%2  FVolFfeeds.reuters.com^ 
2FreutersVb2FworldNews  /> 

<feed  id Army  Front  Page  News"  remURL=noA2FProxyServlet%3Furl%3Dhttp0/»3A<yo2F°/o 
2  Fws.geonames.org  Vo  2FrssToGeoRSSVb3  FfeedUrlVoSDhtt  p<Vb3  A  Vb2  FVa2Fwww.army.  mil  Vb  2Frss°/b 
2Ffeeds°A>2Ffrontpage.xmr  /> 

<feed  id="US  Doppler  Radar11  remURL='*VD2FProxyServlettVto3Furl%3DhttpVb3AVo2F0/o2  Fearthnc.com Vb 
2Fkml%2FNexrad-n1.kmz 

<feed  id=pSample  Marine  Traffic1'  remURL=' V62FProxyServleto/63Furi^3DhttpVb3AVb2F^2FlocalhostVo 
3A80800AJ2FCAT0A2FdataVD2FdOC.kmr  /> 

<feed  id  =pLive  Buoy  Conditions  remURL=fl^2FProxYServletVo3FurlVo3DhttpVo3AVb2FVD 
2  F www.ndbc.noaa  .govVo  2Fkml  Vo  2Fmarmeobs_«s_kml.php  Vb3Fsort  Vb3Do  wner'  /> 

<feed  id="Filtered  Sample  Marine  Traffic-  remURL="<Vb2FProxy5ervieto/o3FxslURLVo3DhnpV03AVa2Fc!fa 
2FlocalhostVo3A8080Vo2FCATVb2FdataVb2Ftransfomis<tt>2FgeoFilter.xsltVb26minLatVo3D50Vo 
26maxLat%3DSl%26url%3Dhttp%3A%2F%2FlocaihostVo3A8080Vo2FCATVo2Fdata%2Fdoc.kmi^  /> 
</widget> 

</ce  n  terP  osi  tion  > 

-  <eastPosition> 

<widget  id=norg.mitre.ccod.ChatPaneT  remURL=8"  title -"’Chat'1  /> 

</eastPosition> 

-  <soiithPosibon> 

-  <wtdget  id=',org. mitre. ccod.GridPaner  remURl="p  title-Data  Gridp> 

cfeed  id=MLive  Buoy  Conditions'1  remURL=pVb2FProxyServletVo3FijrlV()3Dhttp%3AVb2FVo 
2  F www.ndbc.noaa .  gov  Vo  2 f  kml  Vo  2  F  rna  rtn  eobs._a s_kml.php  %3  F  sort°/o3Do wner  / > 

</widget> 

</  sou  thPosi  ti  on  > 

</vrew> _ 


Figure  11  CAT  app  saved  in  XML 


3.3.3  SimpleC2 

SimpleC2  provides  a  web-based  registry  of  resources:  applications,  data  feeds  and  widgets.  For 
COC,  SimpleC2  is  one  place  where  CAT  can  save  application  configurations.  The  vision  is  that 
SimpleC2  provides  the  local  app  store  at  each  ops  center  with  SimpleC2  instances  searchable 
across  ops  centers.  Figure  12  provides  a  screenshot  of  SimpleC2. 
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hadr 

Search 

-  j 

HADR  REGT-LFGC-WC 

Launch  |  Edit 

Author:  Unknown 

Tags  AOC  TST  M»$siOn  Planranfl  Cyber  Defense 

20 10- 11 -05T  15:11:07.5182 

Watch  chief  at  LFOC 


☆☆☆☆☆ 


H  ADR-  REGT-  LFOC- WC-  2 

Unknown 

Tags:  AOC  TST  Mission  Pi  an  rung  Cvber  Defense 

2010-1  l-Q5Tl8243345,ee3Z 

updated 


HAOR  BN-COC-WC-2 

LOT£>j  |  £di 
Author.1  Unknown 

Tags:  ACC  TST  Mission  .Planning  Cvber  Defense 

201Q-ll-05T19:00:02-371Z 

Update  to  simplify  the  number  of  feeds. 


Figure  12  SimpleC2  screenshot 

4  Compose  an  Operations  Center  in  Minutes 

Over  the  last  year,  COC  has  been  demonstrated  at  MITRE  Bedford,  Quantico  and  San  Diego. 
Most  demonstrations  leveraged  the  same  Humanitarian  Aid  and  Disaster  Relief  (HADR) 
scenario  based  loosely  on  the  Haiti  earthquake  disaster  of  January  2010.  The  scenario  serves  as  a 
backdrop  to  provide  operational  relevance  for  the  demonstrations.  The  expectation  is  the  same 
tools  and  information  flows  would  be  part  of  other  scenario  demonstrations. 

In  support  of  the  HADR  scenario  mission,  an  Expeditionary  Strike  Group  (ESG)  is  dispatched  to 
the  vicinity  of  the  disaster  with  elements  of  a  Marine  Corps  Light  Armored  Recon  (LAR) 
Battalion  (BN)  afloat.  The  LAR  BN’s  mission  is  to  conduct  security  and  reconnaissance 
operations  ashore  in  support  of  the  ESG  as  needed.  This  context  demonstrates  the  traditional 
command  structure  with  a  Numbered  Fleet  Headquarters  (HQ)  directing  ESG  operations  from  a 
Maritime  Operations  Center  (MOC)  located  home  station  in  the  Continental  United  States 
(CONUS),  a  Landing  Force  Operations  Center  (LFOC)  afloat,  and  a  LAR  BN  Combat 
Operations  Center  ashore.  COC  capabilities  are  demonstrated  at  the  LFOC  as  the  thread  shows  in 
Figure  13. 
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Figure  13  Demonstration  thread 

The  demonstration  thread  illustrates  the  use  of  traditional  C2  information  sources  (JTCW  and 
chat),  a  Tactical  Service  Oriented  Architecture  (TSOA)7,  augmented  by  non-traditional 
information  sources  (data  feeds).  Depending  on  the  operations,  the  data  feeds  consumed  by  CAT 
varies. 

It  is  important  to  note  that  step  #1,  the  IT  administrator's  configuration  of  the  virtualized  C2, 
TSOA  and  COC  components,  is  a  precursor  to  a  composable  ops  center.  While  the  initial 
establishment  of  the  virtualization  infrastructure  and  converting  C2  systems  to  VMs  takes  hours 
to  days,  once  the  virtualization  infrastructures  is  established  and  the  VMs  created  and  initially 
configured;  these  VMs  can  be  cloned  and  reconfigured  in  minutes. 

During  a  mashup  event  at  MITRE  Quantico  on  14  October  2010,  the  MITRE  team  was  able  to 
establish  a  simple  ops  center  as  shown  in  the  demonstration  thread  in  about  45  minutes.8  The 
following  seven  VMs  were  powered  up,  configured  and  ready  for  use: 

•  MAGTF  Command  and  Control  System  Applications  (MC2SA)  Increment  1  (Incl)  TSOA 
running  on  Red  Hat  Linux  leveraging  JBoss  community  edition  components. 

•  TSOA  Incl  KML  Network  Link  to  share  JTCW  tracks  via  KML. 

•  Two  JTCW  Gateway  and  Client  with  Spark  chat  client  and  TSOA  Incl  Command  and 
Control  Personal  Computer  (C2PC)  Connector  (enable  publishing  tracks  to  TSOA)  to 
represent  Regiment  and  Battalion  level  C2  capability. 

•  OpenFire  chat  server  running  on  Windows  XP. 


7  TSOA  Increment  1  (Incl)  software  suite  is  from  Marine  Corps  Systems  Command  Product  Group  1 1  Marine 
Corps  Air  Ground  Task  Force  C2  Systems  Applications  (MC2SA)  program. 

8  KML  Network  Link  consumption  by  CAT  is  still  a  work  in  progress  (steps  #6  and  #7)  as  Google  Maps  has  issues 
consuming  complex  KML  feeds. 

©  2010  The  MITRE  Corporation.  All  Rights  Reserved.  16 


Composable  Operations  Center,  Naval  Division,  FY  10  Technical  Report 


November  2010 


•  CAT  and  Ops  Designer  running  on  Kubuntu  Linux. 

•  SimpleC2  running  on  Ubuntu  Linux. 

•  OVF  Repository  running  on  Ubuntu  Linux. 

5  Engage  Potential  Early  Adopters 

As  illustrated  by  the  demonstration  thread  in  the  previous 
section,  the  Marine  Corps  is  considered  a  potential  early 
adopter  of  COC.  The  expected  deployment  environment  is  the 
Combat  Operations  Center  which  shares  more  than  just  the 
COC  abbreviation.  The  Marines  Combat  Ops  Center  uses  the 
same  VMware  infrastructure  as  COC.  Also,  the  MITRE 
Quantico  engineers  that  participate  in  the  COC  initiative  are 
actively  engaged  in  the  software  architecture,  design  and 
prototyping  of  the  TSOA.  The  TSOA  is  expected  to  integrate 
into  the  Combat  Ops  Center  in  late  2011.  Demonstrations  have 
been  ongoing  at  MITRE  Quantico  since  September  2010  of 
both  COC  and  TSOA. 

To  test  the  feasibility  of  COC  in  a  deployed  environment,  a  fly¬ 
away  kit  is  being  configured  at  MITRE  Quantico  as  shown  to 
the  right  in  Figure  14. 

The  fly-away  kit  provides  insight  into  the  size,  weight  and 
power  aspects  of  a  mobile  COC.  The  fly-away  kit  consists  of 
the  components  shown  in  Table  1  housed  in  a  hardened  1 1U  Figure  14  COC  fly-away  kit 

transit  case. 


Table  1  COC  fly-away  kit 


Component 

Description 

Size 

Power 

KVM 

TRIPP-LITE  8 -port  console 

1U 

100  VA 

Network 

Dell  PowerConnect  5424  24  port  GbE  switch 

1U 

180  VA 

Virtualization  server 

Dell  PowerEdge  R715  2x8  core  AMD  Opteron  6136  2.4  GHz 
(38400  MHz),  32  GB  RAM,  8  GbE  NICs 

2U 

800  VA 

Virtualization  server 

Dell  PowerEdge  R415  2x6  core  AMD  Opteron  4176  2.4  GHz 
(28800  MHz),  32  GB  RAM,  6  GbE  NICs 

1U 

700  VA 

Storage 

Aberdeen  XDAS  iS1002  12TB  SATA  iSCSI  SAN 

2U 

600  VA 

Power  supply9 

Liebert  GTX  1500  x2  (1500  VA  capacity) 

4U 

Total 

Compute=70320  MHz,  Memory=64  GB,  Storage=12  TB, 
Network=14000  Mbps 

11U 

2380  VA 

By  engaging  in  detailed,  hands-on  research  and  prototyping,  MITRE  is  in  a  position  to  provide 
objective  and  informed  advice  to  our  sponsors  regarding  the  technology  transition  of  COC. 


9  If  the  fly-away  kit  operated  at  full  load,  the  1500  VA  Liebert  power  supply  would  not  be  sufficient.  The  plan  is  to 
replace  with  2  2U  power  supplies  capable  of  supporting  3000  VA. 
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6  Observations 

This  section  provides  observations  gained  during  the  execution  of  the  FY  10  COC  initiative. 


6.1  Virtualization  Performance 


For  COC  work  at  MITRE  Quantico,  the  ESX  4.0  server  is  run  on  a  Dell  PowerEdge  R710  2x4 
core  Intel  Xeon  X5570  2.93  GHz  with  48  GB  of  Random  Access  Memory  (RAM)  and  4  GbE 
network  cards  as  shown  in  Figure  15. 


qlab*  esx02jnitrc.org  VMware  ESX,  4.0.0,  208167 
Getting  Started  Virtual 


General 

Manufacturer: 

Define. 

Model: 

PowerEdge  R710 

CPU  Cores: 

8  CPUs  x  2.925  GHz 

Processor  Type: 

Intel(R)  Xeon(R)  CPU 

XS570  $  2.93GHz 

Processor  Sockets: 

2 

Cores  per  Socket: 

4 

lopcal  Processors: 

16 

Hyper  threadng: 

Active 

Number  of  NICs: 

4 

State: 

Connected 

Virtual  Machnes  and  Templates: 

78 

VMobon  Enabled: 

no 

VMware  EVC  Mode: 

Disabled  p 

FadtTolerance  Enabled: 

Active  Tasks: 

Host  Profile: 

no  p 

Profle  Compkance: 

e  n/a 

Commands 


|  fit  New  virtual  M» 

Annotations 


Resources 

CPU  usage:  1959  MHz  Capacity 

mm  8  x  2.925  GHz 

Memory  usage:  28599.00  MB  Capacity 

a  ■!—  . . .  49 142.60 MB 


Datastore 

Status 

Capacity 

8 

LOCAL-02 

© 

Normal 

1.64  7B 

1. 

0 

LOCAL-01 

© 

Normal 

277.50  GB 

269.C 

8 

NetApp  VM_Store 

© 

Normal 

2.00  TB 

740.1 

8 

ISO 

© 

Normal 

1.00  TB 

SSO.f 

4 

m 

Network  Type 

Xangati  Monitor  for.  Standard  switch  network 
HBSSLAN  Standard  switch  network 

Xangati  Montor  Standard  switch  network 
VM  Network  Standard  switch  network 

3L  Xangati  Monitor  for.  Standard  switch  network 
COC_FoS  Network  Standard  switch  network 
Internal  Host  Swit...  Standard  switch  network 
Q  COPS  VLAN  Standard  switch  network 

NFS-VM  Standard  switch  network 

SL  AFATDSnetwork  Standard  switch  network 
Xangati  Monitor  for.  Standard  switch  network 
300 _ Standard  switch  network 


y  Edit 


Figure  15  COC  virtualization  server  at  MITRE  Quantico 

The  COC  team  fluctuated  between  1-4  simultaneous  users,  with  various  periods  of  activity.  The 
server  was  shared  with  other  MITRE  projects  which  increased  the  simultaneous  user  load  up  to 
10  users.  The  number  of  simultaneous  VMs  running  was  from  10  to  30.  Figure  16  shows  the 
compute,  memory  and  network  performance  over  a  30  day  period  (5  October  to  4  November 
2010).  Note  the  big  spike  in  usage  in  mid-October  as  the  team  integrated  with  TSOA  and  had 
multiple  demonstration  events.  Compute  performance  peaked  around  20  October  2010  at  8,000 
MHz,  which  is  -35%  of  the  servers  total  Central  Processing  Unit  (CPU).10  Memory  also  peaked 
during  the  same  period  reaching  close  to  90%  of  the  available  RAM. 


10  8  cores  x  2.925  GHz  =  23,400  MHz;  8,000/23,400  =  0.342. 
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Figure  16  COC  virtualization  performance 

Figure  17  provides  more  fidelity  of  compute,  memory  and  storage  usage  during  COC 
demonstration  preparation.  Eight  of  the  twelve  powered  on  YMs  are  COC  related.  These  are  the 
same  VMs  as  the  demonstration  thread  discussed  previously.  The  total  storage  used  by  the  COC 
YMs  is  194.77  GB,  which  is  much  less  than  the  357.08  GB  provisioned  for  the  VMs.  Based  on 
how  the  storage  for  the  specific  VM  is  configured  during  the  VM  creation,  all  the  storage  may  be 
allocated  or  only  a  portion  allocated.  Thick  provisioning  allocates  (uses)  all  the  memory  that  is 
provisioned  to  the  VM.  Thin  provisioning  dynamically  adjusts  the  storage  based  on  the  needs  of 
the  VM. 


Name 

State 
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Host 

Provisioned Spacel  Used  Space 

Host  CPU  '  MHz 

Ho  st  Mem  -  MB 

Guest  Mem  -  % 
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© 
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© 
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Figure  17  Powered  on  guests 

The  total  storage  available  to  the  virtualization  environment  is  shown  in  Figure  18.  While 
MITRE  Quantico  has  a  12  Terabyte  (TB)  NetApp  device,  only  2  TB  are  currently  allocated  for 
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use  by  VMware.  Also,  depending  on  the  type  of  Redundant  Array  of  Independent  Disks  (RAID) 
employed,  the  total  available  storage  can  quickly  be  reduced.  Since  MITRE  Quantico  is  using 
RAID-5  and  creating  snapshots  for  backups  on  the  NetApp  device,  about  6  TB  is  actually 
available  for  use.  The  other  storage  sources  are  local  disks  physically  installed  in  the  ESX 
servers  ("LOCAL"  listed  in  the  figure  below). 


Space  Utjfczation  for  Quanttco  Datastores 


By  F*e  Type 


Space  Utitaratton  By  Fite  Type 


%  *;> 


□  Free  Space 

■  Other 

■  other  vw  Fites 

■  Snapshots 

■  Swap  Fites 

■  Virtual  Disks 


Figure  18  COC  storage 

Most  virtualization  environments  employ  clusters  of  multiple  servers.  The  MITRE  Quantico  lab 
currently  has  two  virtualization  servers  similar  to  the  servers  listed  in  the  fly-away  kit  table. 
While  a  specific  VM  cannot  be  split  across  the  multiple  servers,  the  capacity  is  available  to  share 
among  the  VMs.  For  example,  if  one  ESX  server  is  near  full  utilization,  the  other  ESX  server 
would  host  new  VMs.  VMware  advertises  the  ability  to  move  live  VMs  between  servers  with  no 
perceived  performance  impact  to  live  users  using  vMotion.  MITRE  plans  to  investigate 
vMotion's  capabilities  in  future  analyses.  vMotion  would  greatly  increase  the  network  utilization 
which  is  why  multiple  dedicated  physical  network  cards  and  a  sound  storage  approach  is  crucial. 
Also,  as  discussed  in  the  Ops  Designer  section,  locating  VM  files  on  the  same  LAN  is  important 
as  copying  large  VM  files  across  a  Wide  Area  Network  (WAN)  is  a  performance  bottleneck 
during  VM  cloning. 

The  MITRE  Quantico  cluster's  compute  and  memory  performance  for  the  month  of  October  is 
shown  in  Figure  19.  The  first  row  of  charts  shows  the  usage  compared  to  the  aggregate  capacity. 
Notice  that  the  CPU  upper  limit  is  35,000  MHz  and  the  memory  60  GB.  The  increased  capacity 
is  due  to  the  server  qlab-esx01.mitre.org  (Dell  PowerEdge  R410).  The  second  row  of  charts 
shows  the  usage  of  each  server.  As  can  be  seen,  most  the  activity  is  due  to  COC  VMs  on  qlab- 
esx02.mitre.org  (Dell  PowerEdge  R710). 
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Figure  19  Virtualization  cluster 

The  main  observation  from  this  high  level  performance  analysis  is  resources  are  quickly 
consumed,  especially  memory.  As  virtualization  is  pursued,  clustering  should  be  considered 
along  with  appropriate  redundancy  measures.  Clustering  and  redundancy  increase  complexity 
which  virtualization  environments,  such  as  VMware,  abstract  to  some  extent.  It  is  important  to 
consider  compute,  memory,  storage  and  networking  as  resources  that  will  be  aggregated  in 
various  ways  in  the  operational  environment  and  plan  accordingly. 

6.2  IP  Address  and  Host  Name 

The  Quantico  lab  and  demo  room  are  under  the  umbrella  of  the  MITRE  corporate  network 
domain.  As  virtual  machines  were  cloned,  the  machine  names  had  to  be  changed  to  avoid 
conflicts  with  MAC  addresses  registered  in  the  MITRE  network  to  support  IP  address 
assignment  (DHCP)  and  host  name  resolution  (DNS).  While  cloning  of  VMs  seems  simple,  the 
network  configurations  still  require  forethought  to  avoid  network  domain  issues. 

6.3  Web-based  Tools 

Using  Google  Earth  as  the  benchmark  for  rendering  KML,  the  web-based  CAT  tool  using 
Google  Maps  had  difficulty  rendering  large  and  complex  KML  feeds.  CAT  uses  JavaScript  for 
the  rendering  which  can  cause  the  browser  to  hang.  For  example,  CAT  had  difficulty  rendering 
KML  from  MarineTraffic.com.  Also,  the  CAT  tool  currently  lacks  authentication  functionality, 
thus  restricting  it  from  accessing  feeds  that  require  credentials  for  access.  Google  Maps  and 
Earth  plug-in  require  authentication  with  Google  over  the  Internet.  Therefore,  a  network  that  is 
disconnected  from  the  Internet  poses  problems.  The  web-based  tools  simplify  the  user's 
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experience  but  come  with  limitations  that  need  to  be  considered.  In  many  cases,  the  web-based 
tools  will  complement  the  client/server  infrastructure  tools. 

6.4  Virtual  Machine  Management 

VMware's  vCenter  Server  is  essential  for  managing  groups  of  users  accessing  the  same  vSphere 
cluster.  The  convenience  of  creating  a  computer  with  a  few  clicks  of  a  button  creates  the  problem 
of  VM  sprawl.  Because  it's  so  easy  to  create  virtual  machines,  users  frequently  create  them 
without  consideration  for  the  management  life  cycle.  To  prevent  VM  sprawl,  or,  at  a  minimum, 
deal  with  the  inevitable  resource  constraints,  the  COC  team  employed  the  following  management 
techniques. 

(1)  Virtual  machines  should  be  explicitly  labeled  with  an  owner  and  contact  information.  Using 
the  annotations  block  under  the  VM  summary  helps  keep  others  informed.  Attributes  (e.g., 
username,  password,  email  address)  should  be  created  for  the  annotations  to  provide  consistent 
information  across  VMs. 

(2)  User  groups  (Windows  or  Active  Directory)  should  be  created  and  specific  permissions 
assigned  to  the  group  in  vCenter  as  shown  in  Figure  20.  In  the  figure,  the  "COPS"  group  is  a 
Windows  group  that  contains  the  users  associated  with  the  COC  work.11  There  are  several 
specific  users  in  the  list  as  well,  which  are  the  overall  administrators  of  vCenter.  In  the  future, 
MITRE  Quantico  may  remove  the  individual  users  and  leverage  groups  for  all  permissions. 


Figure  20  COC  users  are  admins  of  COC  VMs 


11  COPS  used  to  be  the  acronym  for  Composable  Ops  Center. 
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(3)  vCenter's  folders  feature  should  be  used  to  separate  assets  for  different  groups.  For  COC,  the 
folder  structure  provides  a  convenient  way  to  group  the  VMs  associated  with  the  COC  work. 
From  the  previous  figure,  the  COPS  group  is  "Administrator"  of  the  COPS  folder.  Note  the 
COPS  group  in  Figure  21  is  not  assigned  the  Administrator  role  for  the  Quantico  cluster.  Folders 
are  a  good  way  to  segment  the  user  communities. 


Figure  21  COC  users  are  not  admins  of  the  cluster 


7  Conclusion 

During  FY  10,  MITRE  established  the  COC  initiative  to  promote  common  approaches  for 
hosting  and  rapidly  composing  operations  centers.  FY  10  established  the  MITRE- wide  team, 
multiple  virtualized  infrastructures,  composable  capabilities  prototypes  and  initial  integration 
with  C2  systems.  This  report  discussed  MITRE  Naval  Division's  exploration  and  observations 
through  November  2010  into  the  COC’s  four  goals. 

Goal  one  of  information  flows  with  unanticipated  participants  illustrated  the  use  of  standards- 
based,  simple  message  and  data  formats.  The  ubiquitous  nature  of  the  simple  to  use  formats  has 
resulted  in  many  tools  that  enable  data  fusion  and  the  rise  of  prosumers  that  both  produce  and 
consume  data.  The  second  goal  of  rapidly  constituting  essential  computing  resources  focused  on 
virtualization  as  the  foundation  of  a  composable  ops  center.  Virtualization  provides  configurable 
compute,  memory,  storage  and  network  resources  that  can  be  dynamically  adjusted  in  a  matter  of 
minutes,  thus  adapting  to  the  mission's  needs.  Several  MITRE  proof-of-concept  tools  were 
discussed  that  automate  the  creation  and  management  of  ops  centers,  provide  web-based  mashup 
environment  to  compose  mission  capabilities  and  an  app  store  to  share  the  composed 
capabilities.  Leveraging  the  capabilities  of  the  first  two  goals,  goal  three  composed  an  ops  center 
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measured  in  minutes  during  an  October  mashup  event  integrating  the  evolving  Marine  Corps 
TSOA  to  support  consuming  data  from  C2  systems.  The  fourth  goal  of  engagement  with 
potential  early  adopters  built  on  goal  three  focused  on  mobile  ops  with  a  COC  fly-away  kit.  The 
report  concluded  with  observations  of  virtualization  performance,  network  configurations, 
limitation  of  web-based  tools  and  VM  management. 

The  first  year  of  the  COC  effort  focused  mainly  on  the  technologies  that  enable  composability. 
Going  forward,  MITRE  plans  to  continue  investigation  into  the  technologies  and  expand  to 
additional  sponsor  communities.  Over  the  next  two  years,  the  COC  initiative  will  define  a 
framework  so  that  components  of  the  ops  center  can  be  defined,  built,  managed,  and  shared 
separately  from  the  core  technologies.  The  framework  should  help  in  the  acquisition  of 
capabilities  that  can  adapt  to  the  mission  needs  and  support  on-demand  data  fusion. 
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Appendix  A  Acronym  List 

API 

Application  Programming  Interface 

BN 

Battalion 

C2 

Command  and  Control 

C4ISR 

Command,  Control,  Communications,  Computers,  Intelligence, 

Surveillance  and  Reconnaissance 

CAT 

CCOD®  Authoring  Tool 

CCOD® 

Composable  Capability  on  Demand 

COC 

Composable  Operations  Center 

CONUS 

Continental  United  States 

CPU 

Central  Processing  Unit 

DHCP 

Dynamic  Host  Configuration  Protocol 

DNS 

Domain  Name  System 

DoD 

Department  of  Defense 

ESG 

Expeditionary  Strike  Group 

FY 

Fiscal  Year 

GB 

GigaByte 

GbE 

Gigabit  Ethernet 

GeoRSS 

Geo  Really  Simple  Syndication 

GUI 

Graphical  User  Interface 

HADR 

Humanitarian  Aid  and  Disaster  Relief 

HQ 

Headquarters 

HTTP 

Hypertext  Transfer  Protocol 

HW 

Hardware 

IP 

Internet  Protocol 

IT 

Information  Technology 

JTCW 

Joint  Tactical  Common  Operational  Picture  Workstation 

KML 

Keyhole  Markup  Language 

LAN 

Local  Area  Network 

LAR 

Light  Armored  Recon 

LFOC 

Landing  Force  Operations  Center 

MAGTF 

Marine  Air  Ground  Task  Force 

MB 

MegaByte 

MC2SA 

MAGTF  Command  and  Control  System  Applications 
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MHz 

MegaHertz 

MIP 

MITRE  Innovation  Program 

MOC 

Maritime  Operations  Center 

OS 

Operating  System 

OVF 

Open  Virtualization  Format 

RAID 

Redundant  Array  of  Independent  Disks 

RAM 

Random  Access  Memory 

REGT 

Regiment 

SAGE 

Situational  Awareness  Geospatial  Enterprise 

SAN 

Storage  Area  Network 

SOA 

Service  Oriented  Architecture 

STOM 

Ship-to-Objective  Maneuver 

SW 

Software 

TB 

TeraByte 

TSOA 

Tactical  Service  Oriented  Architecture 

VLAN 

Virtual  Local  Area  Network 

VM 

Virtual  Machine 

WAN 

Wide  Area  Network 

XML 

extensible  Markup  Language 

XMPP 

extensible  Messaging  and  Presence  Protocol 
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